ALSA-2026:28998

[ALSA-2026:28998] Important: evince security update

Type:

security

Severity:

important

Release date:

2026-06-24

Description:

The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.  

Security Fix(es):  

  * atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen (CVE-2026-46529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	evince-browser-plugin-3.28.4-17.el8_10.aarch64.rpm	1f53f321d411340550934cb73d95f2056c419e9921087332a2e0f216bfd02ccb
aarch64	evince-nautilus-3.28.4-17.el8_10.aarch64.rpm	9ad5fe1db2d79ad12bfa3d3079df4d33db9457ab730ae591d93736959a6c5021
aarch64	evince-devel-3.28.4-17.el8_10.aarch64.rpm	a51f0f3a10ded1b037d0a27c51b857ea2709a247c3a2718f790762c032d03339
aarch64	evince-libs-3.28.4-17.el8_10.aarch64.rpm	c6e0b46a3d1f9feda0f08f2cf46fcda69f80b3afe8e0b839bab4cec4977f29e4
aarch64	evince-3.28.4-17.el8_10.aarch64.rpm	e17b5277cc127af17947ff7a4550d404de6e2c2cb629d5c7ef28093455f1c31a
i686	evince-libs-3.28.4-17.el8_10.i686.rpm	08f45515b4ad70b034e6ede185001c1082aeca166e0e3df8e365b86996adff27
i686	evince-devel-3.28.4-17.el8_10.i686.rpm	db414b061423a1ff45f27f6cc75dead72e554d0af1bbfc3b643b41712192f2a9
ppc64le	evince-libs-3.28.4-17.el8_10.ppc64le.rpm	2a01dea7d628962a2b14a9dae1a159a39164347e80e0b2991dfdb411efe27fb5
ppc64le	evince-3.28.4-17.el8_10.ppc64le.rpm	a3e13f4e3114d252df1e230693444a86de18d646543bce5665f90ddc0d498685
ppc64le	evince-devel-3.28.4-17.el8_10.ppc64le.rpm	d7e5fee9bf8bce043730f2297bdac504d167f30674525121725736d6aaceb8fb
ppc64le	evince-browser-plugin-3.28.4-17.el8_10.ppc64le.rpm	db97a2656806750b308515ee4135819ac55e01c8609f78e3fb0f6d81c7887f68
ppc64le	evince-nautilus-3.28.4-17.el8_10.ppc64le.rpm	fbccef20ec2d6e43b7e90aa4384fdfc51314e856a76236aef978c99e0e3fb08b
s390x	evince-nautilus-3.28.4-17.el8_10.s390x.rpm	2878ec92cc7d94d5d72bf81a16404c5c44c68675258cf54287e5bf676c3353ce
s390x	evince-browser-plugin-3.28.4-17.el8_10.s390x.rpm	4005e60f8c5855a206a83927be8a49e3c287cb9cd15920087131de2e33949805
s390x	evince-devel-3.28.4-17.el8_10.s390x.rpm	62afe6fb125e0eb7cefebcdc9ae9ffeaf46e73fb59dbcaa0d6fe7c452a40bb7b
s390x	evince-libs-3.28.4-17.el8_10.s390x.rpm	959e0c615afffc913bd629d414fa187cb6879178d976404c291420c5e9d726c7
s390x	evince-3.28.4-17.el8_10.s390x.rpm	af8108430c2505fc0f9154d4b0ac72231e5637fa923a6de6b7401bfe34a66524
x86_64	evince-libs-3.28.4-17.el8_10.x86_64.rpm	0f825d36133f3393f27063ce6cf38c8fe54fa7db9fdafc6377174bac44ad1388
x86_64	evince-3.28.4-17.el8_10.x86_64.rpm	3b1d594a9a6475151b7375d4db2f4c6bb0edf718e14c230bcb25a08fd5768045
x86_64	evince-nautilus-3.28.4-17.el8_10.x86_64.rpm	3cc040c926da5ca4731a9a9a7d680e54d07c81fbc09ba86e0126019d54daeee4
x86_64	evince-devel-3.28.4-17.el8_10.x86_64.rpm	41eb22234ce9bb065220a7a9e762dc5978874d4a96d7a6f3f419b701bc7b4140
x86_64	evince-browser-plugin-3.28.4-17.el8_10.x86_64.rpm	9d0561de7fb8591485d12263c5fa78c7c8954df0b1ee2833a80e17c234172440

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.